package work.wiwf.web.cfg;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;

import work.wiwf.web.model.sys.service.impl.CustomUserDetailsServiceImpl;

/**
 * Security 配置
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

	@Autowired
    private PasswordEncoder passwordEncoder;
	
	@Autowired
	private CustomUserDetailsServiceImpl userDatailService;
	
	@Value("${magic-api.prefix}")
	String magicApiUrl;

	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.userDetailsService(userDatailService).passwordEncoder(passwordEncoder);
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// 放行接口
        http.authorizeHttpRequests()
        	.antMatchers(magicApiUrl, magicApiUrl+"/**",
        			"/game/**", "/page/**", "/plugs/**")
	        .permitAll().anyRequest().authenticated();
        // 定义验证
        http.httpBasic();
        // 定义注销
        http.logout();
        // 禁用 csrf
	    http.csrf().disable();
	}

}